i-medIT Blog

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
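
The same check can be run from a computer on the network by looking at which DNS servers the router handed out. The script below is an added example, not part of the original article; it assumes a Linux-style `resolv.conf`, and the addresses in `EXPECTED` and in the sample are constructed placeholders.

```python
import ipaddress

# Assumption: resolvers you chose yourself or your ISP assigned. These are
# placeholder addresses from documentation ranges, not real servers.
EXPECTED = {ipaddress.ip_address(a) for a in ("192.0.2.53", "2001:db8::53")}

# Home-LAN ranges: a resolver in one of these is normally the router itself.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample of the resolver file a DHCP client writes.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 192.168.88.1
nameserver 203.0.113.66   # nobody on this network configured this one
nameserver 2001:db8::53
search lan
"""

def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, skipping comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
    return servers

def classify(addr):
    if addr in EXPECTED:
        return "expected"
    if addr.is_loopback:
        return "local-stub"   # local caching resolver; its upstream is set elsewhere
    if any(addr in net for net in LAN_NETS):
        return "router"       # queries go via the router; check its DNS setting too
    return "unexpected"       # public resolver nobody chose: investigate

def report(text):
    """Map each configured resolver to its category."""
    return {str(a): classify(a) for a in parse_nameservers(text)}

def unexpected_resolvers(text):
    return [a for a, kind in report(text).items() if kind == "unexpected"]

if __name__ == "__main__":
    for addr, kind in report(SAMPLE_RESOLV_CONF).items():
        print(f"{addr}: {kind}")
```

A result of `router` only means the computer defers to the router, so the router's own DNS setting still has to be checked on its setup page as described above.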

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at i-medIT are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 630-549-6199.
